Quick guide to SSH keys
Set Up SSH Keys
To simplify remote logins you can use ssh keys. Information is stored
below "$HOME/.ssh". Starting from scratch on a system execute the
This generates a public/private key pair. You do this once on a system
from which you will want to provide authentication. You will normally
choose the default directory. If a pass-phrase is used, you need to
enter that pass-phrase at least once on the machine requesting
authentication. See the "ssh-agent" man page for information about keeping
an authentication key in memory. If you do not use a pass-phrase, things
are a bit simpler at the expense of security: anyone who obtains a copy
of the private key file can use it as is.
The ssh-keygen command creates files:
You will copy the .ssh/id_rsa.pub key to another machine. This file can
scp -p .ssh/id_rsa.pub
If you wish to grant multiple systems remote access you need to
id_rsa.pub file from the machine which executed
ssh-keygen such that multiple entries are placed in the authorized_keys
file. Place entries one per line. You can also append the entry
~/.ssh/id_rsa.pub | ssh -l userid hostname "cat -
The .ssh directory must have permission 700.
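The rules above (one entry per line in authorized_keys, .ssh at mode 700) can be wrapped in a small shell function run on the machine that receives the key. This is an added example, not part of the original guide; the function name install_pubkey, its optional second argument and the mode 600 on authorized_keys are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide).
# install_pubkey PUBKEY_FILE [TARGET_HOME]
# Appends one public key to TARGET_HOME/.ssh/authorized_keys.
# TARGET_HOME is a hypothetical parameter (default: $HOME) so the function
# can be tried against a scratch directory first.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    sshdir=$home/.ssh
    auth=$sshdir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the .pub half should ever be copied around; refuse a private key.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 2
    fi

    # Entries go one per line, so the input must hold exactly one key line.
    n=$(grep -c . "$pub" || true)
    [ "$n" -eq 1 ] || { echo "expected one key line in $pub" >&2; return 3; }
    key=$(grep . "$pub")

    # .ssh must be 700 (as the guide says); 600 on the file is an assumption
    # that follows common practice.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Already present as an exact line: nothing to do.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # Make sure the existing file ends in a newline so entries never merge.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Running it twice with the same key leaves a single entry, so it is safe to repeat after a failed or interrupted copy.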
The command ssh-copy-id provides a very simple way to copy an ssh key to a
Here is an example assuming you have a lab system that grants you root
$ ssh-copy-id -i .ssh/id_rsa.pub root@labsys
Connecting To Remote Web Server
You can use an ssh tunnel to connect to a remote web server. This can be
handy if you need to perform some remote administration or view web pages on
some remote server. The example here shows how you can remotely administer a
web server running on a hardware firewall.
Assume you have a hardware firewall connected to a Linux box and forwarding
ssh requests to that Linux box like so:
For this example assume that the firewall/router box has the typical
192.168.1.1 address and runs a web server on port 80 and that it is set up
to port forward ssh (port 22) to the Linux box.
Also assume that the ISP has assigned the cable modem the address
18.104.22.168.
On your local system you run this command:
Now also on your local system place the following address in your browser: